Category: Infosec Blogs/Podcasts

Following up on our post the other day, we found this great example of the difference between threat data (as in all those “feeds” with indicators) and threat intelligence on Black Hills’ security blog. Basically intelligence is data with context.…

Saw this post today over on CSO Online very accurately describing what is going on in today’s world of threat intelligence. Put bluntly … most vendors are not selling threat intelligence. Instead I would call it threat data, which lacks…

The recent government release of information sharing guidelines reminded me of a post @taosecurity did a while back where he takes a stab answering this question. As usual in infosec … “it depends” is the answer. Still, it’s a great…

Fresh off the recent passing of the Cybersecurity (Information Sharing) Act of 2015, DHS and DOJ have issued guidance on sharing cyber threat information. The first publication describes how non-federal entities should share indicators and countermeasures with federal entities…

I came across this doozy in a book my kid is reading — “Jedi Apprentice: The Dark Rival.” In one scene Jedi Master Qui-Gon Jinn is trying to access a computer of some sort of his former Padawan, Xanatos. Of…

Beyond being just a great resource on where to gather your own open source intelligence, @da_667’s recent post makes a great point at the end in defense of the so-called “easy” indicators (e.g., hash values, IP addresses, and domain names)…

Years ago I sat in my first network security class learning all about the OSI model, the operation of TCP/IP, ports and protocols, and many other interesting topics. One of the main take-aways was to always segment your network for…

The HTTP protocol has long been used by bad guys as an infection vector, command and control channel, and of course data exfiltration. The countermeasure most organizations use to mitigate this attack path is a proxy server that monitors outgoing…

For the past few years there has been a big focus on attributing attacks. The government has always been in the game (but obviously keeping it close to the vest) and recently vendors have been getting into the action for…

About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.